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ABSTRACT 

The  calculation  of  the  exact  reliability  of  complex  systems  is  a 
difficult  and  tedious  task.   Consequently  simple  approximating  techniques 
have  great  practical  value. 

The  hazard  transform  of  a  system  is  an  invertible  transformation  of 
its  reliability  function  which  is  convenient  and  useful  in  both  applied 
and  theoretical  reliability  work.   A  simple  calculus  for  finding  an 
approximate  hazard  transform  for  systems  formed  by  series  and  parallel 
combinations  of  components  is  extended  so  that  it  can  be  used  for  any 
coherent  system.   The  extended  calculus  is  shown  to  lead  to  conservative 
approximations . 

A  first  order  version  of  the  extended  calculus  is  also  discussed. 
This  method  of  approximation  is  even  more  simple  to  use,  but  is  not  always 
conservative.   Examples  of  its  application  indicate  that  it  is  capable  of 
giving  quite  accurate  results. 
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1.       INTRODUCTION 

Suppose   that   two    components   perform  independently   and  have  probabil- 
ities    p..      and     p        of   doing  so  successfully,    i.e.    of   functioning.      If 
the   components    constitute   a  series   system,    i.e.    a  system  that    functions 
only   if  both   of   its    components    function,    then   the  probability    that    the 
system  functions   is 

P      =     h(p1,p2)      =      P-^, 

where     h(p    ,p   )      is   a  reliability   function.      With   due  regard   for  the 
limitations   imposed  by   assuming  that   the   components   perform  indepen- 
dently,   the    reliability   function   of  a  two    component   series   system  is    a 
convenient   summary   of  its   stochastic  properties.      The   convenience   stems 
from  the  variety   of  interpretations    that    can  be   attached  to  the  term 
functioning,    for   the    components,    and   consequently   for  the   system.      For 
example,      p..      and     p.      could  be   component   success  probabilities    for   a 
mission   that    develops   in   time,    or  one  of  several  types   of   component    avail- 
abilities.     In  each   case     p,      as    computed   from     h(p..,p9),  will  be  the 
corresponding  quantity    for    the   system.      The    reliability    functions    of 
more    complex  systems  have   the  same   utility. 

The  quantities      u     =   -log  P-,>uo   =   -log  p~      are  the   component  hazards _, 
and     u  =   -log  p      is   the  system  hazard.      For  the   two   component   series 
system 


u     =      n(u1,u2)      =      u1  +   u2, 


where  n(u..,u  )   is  a  hazard  transform.      The  hazard  transform  of  a  system 
is  equivalent  to  its  reliability  function,  but  for  many  purposes  repre- 
sents its  properties  in  an  even  more  convenient  way.   Examples  of  the 
application  of  hazard  transforms  are  given  in  Esary,  Marshall  and  Proschan 
(1970)  . 

For  the  two  component  parallel   system,  i.e.  the  system  that  functions 
if  either  of  its  components  functions,  the  reliability  function  is 


h(P;L,p2)   =   1  -  (l-Pl)(l-p2), 


and  the  hazard  transform  is 


-u      -u 
n(U;L,u2)  =  -log   {1  -  (1-e  1)(l-e  z) } 


The  contrast  in  complexity  between  the  series  and  parallel  hazard  trans- 
forms is  apparent.  However,  for  small  component  hazards   u-,u_,  i.e.  for 
large  component  success  probabilities  p  ,p~, 

n(Ul,u2)  -  Ulu2 

is  a  good  approximation  for  the  parallel  system,  and  is  conservative  in 
that  it  overestimates  system  hazard  and  thus  underestimates  system  relia- 
bility. 

An  approximate  hazard  transform     n*  can  be  defined  by: 

n*(u1,u  )   =  n(u..,u  )   =   u1  +  u   for  two  components  in  series, 

n*(u1  ,u_)   =   u..  u.   for  two  components  in  parallel. 

These  definitions  lead  to  a  simple  calculus  for  finding  an  approximate 
hazard  transform  for  systems  that  can  be  formed  using  series  and  parallel 


combinations  of  components.   For  example,  the  system  with  the  reliability 
block  diagram  shown  in  Figure  1  has,  following  the  above  rules  of  compu- 
tation, the  approximate  hazard  transform 


(1.1)      n*(u1,...,u5)   =   (U;Lu2  +  u3)(u4  +  u) 
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FIGURE  1 


Rubinstein  (1961)  introduced  this  calculus  as  a  step  in  deriving  life 
test  procedures  for  large  systems,  and  considered  (1965)  more  refined 
approximations  for  parallel  and  some  other  systems.  The  calculus  is 
employed  in  the  GUIDE  MANUAL  FOR  RELIABILITY  MEASUREMENT  issued  by  the 
Navy  Special  Projects  Office. 

Our  purpose  is  to  note  a  simple  extension  of  the  calculus  to  systems 
that  cannot  be  formed  using  just  series  and  parallel  combinations  of  com- 
ponents, e.g.  the  system  with  the  block  diagram  shown  in  Figure  2,  and 
to  show  that  the  extended  oaloulus  is  conservative. 


FIGURE  2 

We  also  comment  on  a  first  order  version  of  the  extended  calculus 
which  is  not  necessarily  conservative,  but  which  gains  in  simplicity  and 
can  give  quite  accurate  results. 


2.   AN  APPROXIMATE  HAZARD  TRANSFORM 

The  approximate  hazard  transform  we  consider  can  be  defined  for  the 
class  of  coherent  systems.   Systems  describable  by  a  reliability  block 
diagram  or  by  a  fault  tree  using  "and"  and  "or"  gates  are  coherent. 
Alternately,  the  performance  of  the  components  in  a  system  can  be  indi- 
cated by  Bernoulli  random  variables  X- , , . . ,X  ,  where  X.  =  1  if  the 
J  1      n'  x 

i —  component  functions,   X.  =  0  if  the  i —  component  fails  to  function, 
and  the  performance  of  the  system  can  be  indicated  by  a  structure  function 
<J>(X)  =  <j>(X1,...,X  ),  where   4>(X)  =  1   if  the  system  functions,  <J>(X)  =  0 
if  the  system  fails  to  function.  The  system  is  coherent   if  <J>  is 
increasing  in  each  of  its  coordinates  and  <j>(l,...,l)  =  1,  <j>(0,...,0)  =  0, 
conditions  which  are  clearly  satisfied  by  systems  described  by  block  dia- 
grams or  fault  trees. 


If  the  components  in  a  system  perform  independently,  i,e.  if 

X-,...,X   are  independent,  then  the  probability  p  =  P[<f)(X)  =  1]   that 

the  system  functions  can  be  computed  from  the  marginal  probabilities 

p.  =  P[X.  =1],   i  =  l,...,n,   that  the  components  function.   If  not, 

then  p   depends  on  the  joint  distribution  of  X. , . . . ,X  .   The  reliability 

In 

function     h  of  a  system  describes  the  relationship  between  p   and  p,,...,p 
in  the  case  of  independence.   It  is  formally  defined  by 

h(p)   =  h(Pl,...,pn)   =  P[<j>(X)  =  1], 

where  X..,...,X   are  independent  and  P[X.  =  1]  =  p.,   0  <  p.  <  1, 

i  =  1,... ,n. 

It  is  common  in  the  assurance  disciplines  to  work  with  hazards  rather 

than  with  probabilities.   Examples  are  the  "parts  count"  method  in  which 

component  hazards  are  added  to  obtain  a  system  hazard  (in  effect  assuming 

that  the  system  is  series)  ,  and  the  practice  of  adding  hazards  over  phases 

of  a  mission  to  obtain  a  mission  hazard. 

-u. 
Recall  that  the  component  hazards   axe     u.  =  -log   p.,  so  that  p.  =  e   , 

i  =  l,...,n,  and  the  system  hazard   is  u  =  -log   p  =  -log   h(g) .   A  hazard 

is  zero  when  the  probability  of  functioning  is  one  and  increases  to  infinity 

as  the  probability  of  functioning  decreases  to  zero,  which  to  some  extent 

makes  the  name  appropriate.  The  hazard  transform     n  of  the  system 

relates   u  to  u. u   and  is  defined  by 

In 

-u  -u 

n(u)      =     n(u1,...,un)      =     -log  h(p)      =     -log  h(e        ,...,e        ), 

where     u.    t  0,      i   =   l,...n.      Knowing  the  hazard  transform  of   a  system  is 
equivalent   to  knowing  its   reliability   function   since 


-n(u)     -r\(-log  p±,f . .  ,-log   pn) 
h(p)   =  e  e 


The  assumption  that  components  perform  independently  is  implicit  in  the 
definition  of  a  hazard  transform,  just  as  it  is  in  the  definition  of  a 
reliability  function. 

The  approximate  hazard  transform  we  consider  can  be  conveniently 
introduced  by  first  considering  an  approximation  for  the  hazard  transform 
of  a  parallel  system  and  then  extending  the  approximation  to  an  arbitrary 
coherent  system,  using  a  representation  of  the  system  as  a  series  of 
parallel  subsystems  related  to  its  "minimal  cuts." 

The  n  component  parallel   system  functions  if  at  least  one  of  its 
components  functions,  so  that  its  structure  function  is 

*(x)    -   i  -  TT^d-x.), 

and  its  reliability  function  is 

h(p)      =     P[<J>(X)    =  1]      =     1  -  P[XX=  0,...,Xn  =  0] 

=  i  -TTAp[xi  =  0]   =  x  -TTi^a-Pi). 

Its  hazard   transform  is 

-u  -u  -u. 

(2.1)  n(u)      =     -log  h(e     \...,e     n)      =     -log      [1  -  Jf^l-e     X)  ] . 

An  approximate  hazard  transform  for  the     n     component  parallel  system  is 

(2.2)  n*(u)      =     TTV^i    »     ii  >  0, 


where     0  =    (0.....0)      and     u  >   0     means      u.    >  0,      i  =   l,...,n.     The 


approximation  is  baaed  on  the  power  series  expansion  for  n(u). 

The  following  lemma  shows,  for  parallel  systems,  that:   (a)  the  exact 
and  approximate  hazard  transforms  agree  for  perfectly  reliable  compo- 
nents, (b)  the  approximate  hazard  transform  is  conservative,  i.e. 
it  indicates  greater  hazard  (less  reliability)  than  the  exact  transform, 
and  (c)  the  accuracy  of  the  approximate  hazard  transform  decreases  as 
the  component  hazards  increase.   The  lemma  extends  an  observation  of 
Rubinstein  (1965,  Appendix  B). 

Lemma  2.1  For  an  n  component  parallel  system  the  following  compari- 
sons exist  between  the  hazard  transform  n  and  the  approximate  hazard 
transform     n*: 

(a)  n*(0)  =  n(0)  =  0. 

(b)  n*(u)  *  n(u),  u  >  0. 

(c)  n*(u)  -  n(u)  is  increasing  with  respect  to     u.,  i  =  l,...,n, 

Proof.      It  is  immediate  that  n*(0)  =  0  and  that  n(0)  =  -log   1=0. 
Thus  (a)  holds.   That  (b)  holds  follows  from  (a)  and  (c) .   To  verify  (c) 
note  that 


-u.  -u. 

£ivHS)   -  n(a»  -    TLj^i L— —  • 

i  -  TTj^d-e  h 

-u.  -u. 

Since  u.  >  1-e  J   so  that   T---u-  -  T-v-(1_e  J)>  and 

-u.     -u. 
1  -  ]"[""  (1-e  J)  >  e  X  (the  reliability  of  a  parallel  system  is  not 

less  than  the  reliability  of  one  of  its  components),  it  follows  that 


3  (n*(u)  -  n(u)}  >  0.  Thus  (c)  holds.  D 


=  u 


3u. 

1 

The  assumption  that  the  components  perform  independently  is  crucial 
to  the  comparisons  of  Lemma  2.1,  as  is  shown  by  the  following  example. 

Example  2.2   Suppose  the  components  in  a  two  component  parallel  system 
perform  dependently  in  the  strong,  positive  sense  that   X.  =  X_  =  X, 
i.e.  if  one  component  fails,  so  does  the  other.   Then   <j>(X-,X,-)  = 
1  -  (1-Xj)  (l-jy  =  X,  and 

p  =  P[<f)(X1,X2)  =  1]  =  P[X=  1]  =  ?1  =  p2, 

where  p.  =  P[X  =  1]   and  p  =  P[X  =1].   The  system  hazard  is 
u  =  -log   p  and  the  component  hazards  are  u  =  -  log   p,  =  u,   u_  = 
-  log   p9  =  u.   If  one  now  tries  to  approximate  n  =  u  by  n*  ~  u-U_ 
only  part  (a)  of  Lemma  2.1  remains  valid.   In  particular  if  0  < u  < 1, 
then  n*<n,  i.e.  the  approximation  is  not  conservative.   □ 

In  a  coherent  system  those  combinations  of  components  whose  failure 
is  just  enough  to  cause  a  system  failure  are  called  minimal  cuts.   More 
precisely,  a  set  of  components  K  is  a  out   if  X.  =  0,  i  e  K  and 
X.  =  1,  i  i   K  implies  <j>(X)  =  0,  and  K  is  a  minimal  out   if  no  proper 
subset  of  K  is  also  a  cut.   For  example,  the  system  shown  in  Figure  1 
has  the  four  minimal  cuts 

K±     =  {1,2,4},  K2  =  {1,2,5},  K3  =  {3,4},   K4  =  {3,5}. 

and  the  system  shown  in  Figure  2  also  has  four  minimal  cuts,  but  these  are 

Kx  =  {1,2},   K2  =  {1,3,5},   K3  =  {2,3,4},  K^  =  {4,5}. 


We  will  denote  the  minimal  cuts  of  a  coherent  system  by  K..,...,iC  , 
where  k  is  the  number  of  minimal  cuts. 

Any  coherent  system  can  be  represented  in  terms  of  its  minimal  cuts 
by  forming,  for  each  minimal  cut,  a  parallel  subsystem  from  the  compo- 
nents in  the  cut,  and  then  connecting  the  parallel  subsystems  in  series 
Formally  the  system  structure  function   <$>  satisfies 


(2.3)      KX)   =   TTjl^jCX) 


where   <f>.(X)  =  1  ~  T-  y    (1~X.)>   j  =  l,t..,k,   are  the  structure  func- 
tions  of  the  parallel  subsystems  corresponding  to  the  minimal  cuts  of 
the  system.   More  graphically,  the  minimal  cuts  of  a  coherent  system 
determine  a  particular  way  of  drawing  its  block  diagram.   For  example, 
the  block  diagram  shown  in  Figure  3  is  equivalent  to  the  block  diagram 
shown  in  Figure  1,  and  the  block  diagram  of  Figure  4  is  equivalent  to 
the  block  diagram  of  Figure  2. 


L_  4 
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FIGURE  3 
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FIGURE  4 

An  important  thing  to  note  about  the  minimal  cut  representation  of 
a  coherent  system  is  that  the  same  component  can  appear  in  several  mini- 
mal cuts.   So  even  though  the  components  perform  independently,  the 
parallel  subsystems  corresponding  to  the  minimal  cuts  in  general  do  not. 

Thus,  if  h.(p)  =  1  -  1~[".    (1-p.),   j  =  1,  .  ,  .  ,k,  are  the  reliability 

J 
functions  of  the  parallel  subsystems,  then  the  relationship  h(p)  = 

I  I  ._ih.(p)  which  would  hold  if  the  parallel  systems  performed  independently 

is  not  necessarily  valid.     What  is  true  is  that 


(2.4) 


h(p)   >  "Tfj^h  (p)  ,   0  <p  <  1, 


(Esary  and  Proschan,    1963,   Theorem  4.1).      The   function 

(2.5)  hMC(p)      =     TTj^hjCp)    •      2  *  E  *  h 

is  the  minimal   out    lower  bound   on  the  exact  reliability  function  h. 

Recall  that   n(u)  =  -log   h(p)   is  the  exact  system  hazard  transform. 
Define  the  minimal  out  upper  bound   on  n  by 


(2.6) 


nMC(~}      =     ~l°g  hMC(S}      =      £j=lnj(~}    '      ~  "  5' 
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where  n  (u)  m   -  log   h  (p) ,   j  =  l,.,.,kf   The  bound  is  obtained  by 
finding  the  exact  hazard  transform  for  each  of  the  parallel  subsystems 
in  the  minimal  cut  representation  for  the  system  and  adding  these  to- 
gether as  if  the  parallel  systems  performed  independently.   The  following 
lemma  is  largely  a  restatement  of  inequality  (2.4). 

Lemma  2.3  For  a  adherent  system  the  following  comparisons  exist  between 
the  hazard  transform     n  and     n  _,  the  minimal  out  upper  bound  on     x\: 

(a)  nMC(0)  =  n(0)  =  0. 

(b)  nMC(u)  >  n(u),  u  >  0. 

Proof.      That   i\,„(0)  =  0   follows  from  (2.6)  and  part  (a)  of  Lemma  2.1. 

If  u  =  0,  then  p  »  (e   ,...,e  )  =  1,  and  n(0)  =  -log   h(l)  =  -log   1=0. 

Thus  (a)  holds.   That  (b)  holds  follows  from  inequality  (2.4),  since 

^MC^  =  ~l°g   hMC(je)  "  ~l°g   h(£)  =  n^~)#   D 

Remark  2.4   In  contrast  with  part  (b)  of  Lemma  2.1,  part  (b)  of  Lemma  2.3 
remains  valid,  in  essence,  when  component  performances  are  positively 
dependent  in  a  sense  called  "association"  (Esary,  Proschan,  and  Walkup, 
1967  and  Esary-Proschan,  1970).   However,  making  use  of  this  fact  in  the 
calculation  of  conservative  approximate  hazard  transforms  requires  finding 
suitable  modifications,  under  whatever  degree  of  association  is  specified, 
to  the  approximation  (2.2)  for  parallel  systems.   D 

The  approximate  hazard  transform   that  we  consider  for  an  arbitrary 
coherent  system  with  minimal  cuts  K-,...,K,   is 

k 


(2.7)     n*(u)   =   L^n^Cu),   u  >  0; 
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where     n*.(u)   =      |  •    K  u-    >      J   =   1, »..,k«      The  approximation   is   obtained 
3   '  le   j    X 

by   finding  the  approximate  hazard  transform  for  each   of  the  parallel  sub- 
systems  in   the  minimal   cut   representation   for  the   system  and  then   adding 
the   results   as   if  the  parallel  systems  performed  independently.      Thus 
approximations   at  two   different   levels   are   involved.      For  example,    the 
approximate  hazard  transform  for  the  system  of  Figures    1  and  3  is 


(2.8)  n*(u1, .  .  .  ,u5)      =      u1u2u^+u1u2u  +u  u  +u  u 


and   for  the  system  of  Figures   2   and  4 

(2.9)  n*(u1>. .  .,u5)      =      u-jU^u-jU^+u^u^+u^. 

The  following  theorem  shows   that  the  approximate  hazard  transform  for 
a  coherent   system  is:      (a)    exact    for  perfectly   reliable   components,    and 
(b)    conservative. 

Theorem  2.5     For  a  adherent  system  the  following  comparisons  exist  between 
the  hazard  transform     r\>      the  minimal  out  upper  bound     r\         on  the  hazard 
transform,   and  the  approximate  hazard  transform     n*: 

(a)  n*(Q)   =  nMC(Q)   =  n(0)  =  0. 

(b)  n*(u)  >  nMC(u)  >  n(u),     u  >  0. 

Proof.      That     n*(0)   =  0     is   immediate   from  (2.7).      That     nMC(0)   -  n(0)   =  0 

is  part    (a)    of  Lemma  2.3.      Thus    (a)   holds.      To  show    (b)    recall  that 
nMr(u)    ^  ti(u)      is  part    (b)    of  Lemma  2.3,   and  note  that   from   (2.6),    (2.7), 
and  part    (b)    of  Lemma  2.1 

n*<u)     =    Zj-i^jCa)     *    £j=inj(^    =    nMC(u). 

Thus    (b)   holds.      □ 
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3.   A  CALCULUS  FOR  APPROXIMATE  HAZARD  TRANSFORMS 

One  of  the  most  attractive  features  of  the  approximate  hazard  trans- 
form (2.7)  is  the  simple  calculus  by  which  it  can  be  computed  for  certain 
important  categories  of  coherent  systems,  notably  the  class  of  systems 
that  can  be  formed  by  successive  series  and  parallel  combinations  of  sub- 
systems with  non-overlapping  sets  of  components,  i.e.  the  class  of  simple 
systems  considered  by  Lomnicki  (1973) ,   The  essential  ideas  of  this  cal- 
culus are  described  in  Section  1,  and  its  application  to  the  system  of 
Figure  1  is  illustrated.   Note  that  the  approximate  hazard  transform  for 
that  system  given  in  (1.1)  agrees  with  the  approximate  hazard  transform 
given  in  (2.8), 

For  the  purposes  of  this  section  we  will  denote  a  system  by  a  couple 
(C,<j>),  where  C   is  the  set  of  components  used  in  forming  the  system  (from 
the  mathematical  viewpoint  C   is  a  set  of  indices   i   used  to  label  the 
components)  and  <J>   is  the  structure  function  of  the  system.   We  will  be 
considering  coherent  systems  (C,<}>)   formed  from  two  coherent  subsystems, 
(C1,(f>1)   and   (C-,<J)-).   In  this  situation  C  =  C.uC_,  i.e.  the  system  com- 
ponent set  consists  of  all  the  components  appearing  in  either  subsystem. 
The  subsystems  have  non-overlapping  or  disjoint   component  sets  if 
C.  nC_  =  0,  where  0   is  the  empty  set,  i.e.  no  component  appears  in  both 
subsystems.   The  reason  for  being  interested  in  subsystems  with  disjoint 
component  sets  is  that  if  all  the  aomponents  in     C  perform  independently 
and     C  ,C  are  disjoint 3   then  the  subsystems  perform  independently . 

The  system  (C,<j>)   is  a  series   combination  of  the  subsystems   (C..,<|>..) 
and  (C2<}>2)   if 
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(3.1)  «J>(X)  =   ^Qp^Qt),   for  all  realizations  of  X, 

where  X  is  the  vector  of  component  performance  indicators  X.,  ieC. 
If  C   and  C   are  disjoint,  then   <j>   depends  only  on  those  X.   such 
that  ieC.  ,  and  <j>~   depends  only  on  those  X.   such  that   ieC_.   Simi- 
larly,  (C,<}>)   is  a  parallel   combination  of   (C  ,<}>  )   and  (C  ,<J>  )   if 

(3.2)  <KX)   =  1  -  {1-<J>1(X)}{1-*  (X)},   for  all  realizations  of  X. 

It  is  easy  to  check  that  a  series  or  parallel  combination  of  coherent 
subsystems  is  a  coherent  system.   Graphically,  these  definitions  corres- 
pond to  being  able  to  display  the  block  diagram  for  the  system  as  a  series 
or  parallel  combination  of  the  block  diagrams  for  the  subsystems.   The 
following  proposition  describes  how  approximate  hazard  transforms  can  be 
computed,  for  series  and  parallel  combinations  of  subsystems  with  disjoint 
component  sets,  to  obtain  results  that  agree  with  (2.7). 

Proposition  3.1  Suppose  a  coherent  system     (C,<}>)  is  a  combination  of 
the  coherent  subsystems     (C-,^.)  and     (C-,^-)  where     C  and     C  are 
disjoint.      Let     n*  be  the  approximate  hazard  transform  for     (C,<j>)  and 
n*  ,n*9  be  the  approximate  hazard  transforms  for     (C  ,<J>-)  and     (C  , <j>_)  . 
Then  for  all     u  >  0: 

(a)  n*(u)  =  n*1  (u)  +  n*9(u),  if  the  combination  is  series. 

(b)  n*(u)  =  n*, (u)  n*9(u),  if  the  combination  is  parallel. 

Proof.      Suppose   (C..,  <(>..)   has  the  minimal  cuts  K   ,  ...,K  ,    and  (C-jfjO 
has  the  minimal  cuts  K   , ...,K   . 

(a)   If  the  combination  is  series,  then  since  C   and  C   are  disjoint, 
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(C,  4>)   has  k  =  k  +k~   minimal  cuts,  namely 

Ki =  Ku \  -  VV =  "21 Vk2 "  v 

From   (2.7) 

n*W   -  ^-JW*  -  I>=iTTt£K ^vl^  -t 

J  1  lJx  J2  2j2 


=     n^Cu)  +  n*2(u)    , 


so   (a)   holds. 


(b)   If  the  combination  is  parallel,  then  since  C   and  C  are  dis- 
joint, (C,<J>)   has  k  =  k  k   minimal  cuts,  namely  all  K.  =  K,  .  uK„ .   where 

12  J    IJ-l  2j2 

j  =  l,...,k  as  J1  =  l,...,k1  and  j   =  l,...,k2.   From  (2.7) 

k,    k 

1    IT 

k,    k 


kl    k2 

Jl  l     32   1     leKli,  x   1£K2i.  X 


UK..  Ui 


k  k 

Jl       ljx      J2       2j2 

so  (b)  holds.   D 

It  is  clear  that  if  a  system  is  formed  by  a  sequence  of  series  or  paral- 
lel combinations  of  modules ,    i.e.  subsystems  with  non-overlapping  component 
sets,  then  parts  (a)  and  (b)  of  Proposition  3.1  can  be  applied  in  the  same 
sequence  to  evaluate  its  approximate  hazard  transform.   Thus  the  proposition 
defines  a  calculus  which  is  applicable  to  simple  systems. 

Remark  3.2   Proposition  3.2  can  be  extended  to  show  that  whenever  a  module 
(cf .  Birnbaum  and  Esary,  1965)  occurs  in  a  coherent  system,  the  approximate 
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transform  for  the  system  can  be  found  by  first  finding  the  approximate 
hazard  transform  for  the  module  and  then  proceeding  as  if  the  module  were 
a  component  in  the  larger  system  with  the  hazard  given  by  its  approximate 
transform.   D 

A  specialized  application  of  the  approximate  hazard  transform  is  found 
in  the  GUIDE  MANUAL  FOR  RELIABILITY  MEASUREMENT  (Section  3.1.6).  All  com- 
ponents are  assumed  to  have  exponential  life  distributions,  i.e.  for  a 

-At 
mission  of  duration  t,   p.  =  e    ,   i  =  l,...,n.  The  mission  length  is 

taken  as  the  unit  of  time  measurement,  and  the  component  failure  rates  A. 

are  scaled  accordingly.   In  this  way  the  mission  reliability  of  a  component 

-A. 
has  the  simple  form  p.  =  e    .   The  component  mission  hazard  is  then 

u.  =  A..   Under  these  conventions  the  calculus  used  in  the  manual  is  a 
1    l 

special  case  of  the  approximate  hazard  transform  calculus. 


17 
4.      THE    FIRST -ORDER  APPROXIMATION 

The    approximate  hazard  transform     n*      is    always    conservative.      In   this 
section  we   describe  a  first-order  approximate  hazard  transform     n       which 
is    easier  to    compute   than      n*»    sometimes   more   accurate   than      n*,      but    is 
not    always    conservative. 

The   approximate  hazard  transform     n*     is  based  on   all  minimal   cuts   of 
the  system,    i.e.      n*,      computed  from   (2.7),    is   the   sum  of  the  products    of 
component   hazards   over  each  minimal   cut.      The    first-order  approximation  is 
computed  in    a  similar  manner  but   using  only  the  minimal   cuts  having  the   small- 
est number  of   components.      The  procedure   is  best   illustrated  by   an   example. 

Recall  that   the  system  shown   in   Figures   2   and  4  has    four  minimal   cuts. 
Two   minimal   cuts,      K     =    {1,2}      and     K,    =    {4,5},      contain   two   components. 
The   other   cuts    contain   more   than   two   components.      The   first-order  approxi- 
mation  for  this   system  is  based  only   on   cuts      K        and     K_ ,    i.e. 

(4.1)  n    (u1,...,u5)      =      u^+u^. 

The  procedure   for  the   first-order  approximation,    then,   is   to  identify 
the   smallest   minimal   cuts    and  to  sum  the  products   of   component  hazards   over 
those    cuts.      By   ignoring   the   larger  minimal    cuts,    the    first-order  approxi- 
mation tends   to   "correct"    for  the    conservative   error  in   the    approximate 
hazard  transform.      Of   course   the  "correction"   may  be   too   large,    i.e.    the 
first-order  approximation  is  not    always    conservative. 

If   a  component    does  not    appear  in   any   of  the  smallest   minimal    cuts,    e.g. 
component    3  of   Figures   2   and  4,    then   the   first-order  approximation   implicitly 
treats   the    component   as  being  perfectly   reliable.      If  the   reliability   of  such 
components   is  no  less    than  the   reliability   of  the    components   in   the   smallest 
minimal   cuts,    then  the    first-order  approximation   usually   gives   rather   good 
results. 
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5.      NUMERICAL   COMPARISONS 

In  this   section  we   compute  system  hazard  using  the  approximate  hazard 
transform     n*     and  the  first-order  approximation     n    ,    and  compare  the  re- 
sults with   the   true   system  hazard     n      for  selected  examples.      The   compari- 
son is   shown  in  terms  of    "percent   error"  where 

%   error  =      ^  °r   "*>    "  n   x   100. 


In  the  examples,  and  in  the  experience  of  the  authors  with  similar 
examples  involving  small  systems,  the  accuracy  of  the  approximations  usu- 
ally decreases  with  decreasing  component  reliabilities.   If  the  reliabil- 
ities are  greater  than  0.9,  the  approximations  usually  are  in  error  by  less 
than  20%. 

The  formulas  for  the  true  system  hazard  are  not  exhibited  in  the 
examples.   Some  appreciation  of  the  need  for  approximations  can  be  gained 
by  working  them  out.  The  motivation  for  the  approximations  discussed  here 
is  not  only  that  numerical  calculations  are  less  tedious,  but  also  that  a 
formula  for  numerical  calculations,  or  other  purposes,  can  be  derived  with 
relative  ease. 

Example  5.1   Suppose  the  components  in  the  system  of  Figures  1  and  3  have 

independent  times  to  failure,  exponentially  distributed  with  parameters 

-A.t 
A-,..., A,..   Then  for  a  mission  of  duration  t,  p.  =  e      and  u.  =  A.t, 

i  =  1,.,.,5.   The  approximations  to  the  system  hazard  for  the  mission  are 

1  2 

n   =   u  u4  +u3u5  =   A3tA4t  +  A3tA5t  =   A3(A4+A5)t  , 

and 


19 


n*     =     (A1A2t2  +  x3t)(x4t  +  At) 

[cf.    (1.1)].      Some  numerical   comparisons    for   this   system  are  tabulated 
below. 

Case   1        X     =   A0   =   X     =   X.    =   Ac   =  0.10 
12  3  4  5 

Percent  Error 


0.2 
0.4 
0.6 
0.8 
1.0 


n 

1 
n 

n* 

.0008 

1.2 

2.4 

.0031 

2.2 

6.0 

.0070 

3.3 

9.5 

.0122 

4.5 

12.8 

.0189 

5.8 

16.4 

Case  2   xx  =  A2  =  A3  =  °'20'   A4  =  A5  =  0,1° 


Percent 

Error 

n 

1 

n 

n* 

.0016 

— 

4.4 

.0064 

0.8 

8.8 

.0142 

1.6 

.  13.8 

.0249 

2.7 

19.1 

.0385 

4.0 

24.7 

0.2 
0.4 
0.6 
0.8 
1.0 

In  Case  2,  when  t  =  1.0,   p.  =0.82,   i  =  1,2,3.   This  low  component 
reliability  adversely  affects  the  accuracy  of  the  approximate  hazard 
transform.   G 


Example  5.2   Let  components  1,2,3,4  in  the  system  of  Figures  2  and  4  have 
independent  times  to  failure  with  the  distributions  shown  below.   Let  com- 
ponent 3  be  a  "one-shot"  device  which,  independently,  either  functions 
for  a  mission  of  any  duration  or  is  failed  from  the  outset. 
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Component 
1 
2 
3 
4 
5 


Distribution 

EXPONENTIAL 

EXPONENTIAL 

BERNOULLI 

WEIBULL 

WEIBULL 


Component  Hazards 

for  a  Mission  of 

Parameters 

Duration  t 

A 

At 

X 

At 

P3 

y,a 

-log  p3 

yt 

y,a 


yt 


For  a  mission  of  duration  t 


1    2  2  ,   2  2a 
n  =  X   t  +  y  t 


[cf.  (4.1)],  and 


1 2  2    ,  i  s  _.   a+1  ,   2  2a 

n*  =  A  t   -  (  Zo#  pj  2Ayt    +  y  t 


[cf.  (2.9)].   Some  numerical  comparisons  are  tabulated  below. 


Case  1   A  =  0.10,   p„  =  0.90,   y  =  0.10,   a  =  2 


Percent  Error 


0.2 

.0004 

0.4 

.0019 

0.6 

.0050 

0.8 

.0106 

1.0 

.0197 

1 

H* 

-1.5 

2.4 

-2.7 

4.3 

-2.5 

6.5 

-1.1 

9.1 

+1.5 

12.2 

Case  2 


A  =  0.10,   p„  =  0.95,   y  =  0.15,   a  =  2 


Percent  Error 


0.2 

.0006 

0.4 

.0030 

0.6 

.0081 

0.8 

.0179 

1.0 

.0342 

1 

n* 

0.1 

2.5 

0.7 

4.8 

2.3 

7.4 

5.2 

10.8 

9.5 

15.2 
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In  Case  1  the  first-order  approximation  is  not  conservative  for   t  <  0.8, 

i.e.  system  reliability  is  overestimated.   Note  that  the  component  ignored 

by  the  approximation,  component  3,  is  the  least  reliable  component  in 
the  system  for   t  <  1.0.   D 


22 


REFERENCES 

[1]   Z.  W.  Birnbaum  and  J.  D.  Esary  (1965).   Modules  of  coherent  binary 
systems.  SIAMJ.    Appl.    Math.,    13,  444-462. 

[2]  J.  D.  Esary,  A.  W.  Marshall,  and  F.  Proschan  (1967).  Association 
of  random  variables,  with  applications.  Ann.  Math.  Statist. ,  38, 
1466-1474. 

[3]  J.  D.  Esary  and  F.  Proschan  (1970).  A  reliability  bound  for  systems 
of  maintained,  interdependent  components.  J.  Amer.  Statist.  Assoc. 3 
65,  329-338. 

[4]  J.  D.  Esary,  A.  W.  Marshall  and  F.  Proschan  (1970).  Some  reliabil- 
ity applications  of  the  hazard  transform.  SIAM  J.  Appl.  Math.,  18, 
849-860. 

[5]   Z.  A.  Lomnicki  (1973).   Two-terminal  series-parallel  networks. 

Adv.    Appl.   Prob.,    4,  109-150. 

[6]   D.  Rubinstein  (1961).   On  the  estimation  of  system  reliability. 

Proceedings  of  the   1961  National  Aerospace  Electronics  Conference, 
Dayton,    Ohio,    262-266. 

[7]   D.  Rubinstein  (1965).   On  the  inference  of  system  reliability, 
Report  I  -  mathematical  model.   General  Electric  Radio  Guidance 
Operation,  Report  R65RG05  (19  Nov.). 

[8]   Special  Projects  Office,  Department  of  the  Navy  (1965).  Guide 

Manual  for  Reliability  Measurements  Program.     NAVWEPS  OD  29  304 
(15  May). 


23 


INITIAL  DISTRIBUTION  LIST 


No.  Copies 


Defense  Documentation  Center  (DDC)  12 

Cameron  Station 

Alexandria,  Virginia    22314 

Dean  of  Research  2 

Code  023 

Naval  Postgraduate  School 

Monterey,  California   93940 

Library  (Code  0212)  2 

Naval  Postgraduate  School 
Monterey,  California   93940 

Library  (Code  55)  2 

Naval  Postgraduate  School 
Monterey,  California   93940 

Dr.  Nancy  R.  Mann  1 

Research  Division 

Rocketdyne ,  Division  of  North  American  Aviation,  Inc. 

6633  Canoga  Avenue 

Canoga  Park,  California   91304 

Professor  Ingram  Olkin  1 

Department  of  Statistics 
Stanford  University 
Stanford,  California   94305 

Professor  J.  Neyman  1 

Department  of  Statistics 
University  of  California 
Berkeley,  California   94720 

Professor  William  L.  Hutchings  1 

Department  of  Mathematics 

Whitman  College 

Walla  Walla,  Washington   99362 

Professor  Frank  Proschan  1 

Department  of  Statistics 
The  Florida  State  University 
Tallahassee,  Florida    32306 

Dr.  Sam  C.  Saunders  1 

Mathematics  Department 
Washington  State  University 
Pullman,  Washington   99163 


24 


Dr.  Seymour  M.  Selig 
Office  of  Naval  Research 
Arlington,  Virginia   22217 

Professor  Z.  W.  Birnbaum 
Department  of  Mathematics 
University  of  Washington 
Seattle,  Washington   98105 

Professor  R.  E.  Barlow 

Department  of  Industrial  Engineering 

and  Operations  Research 
University  of  California 
Berkeley,  California   94720 

Professor  Ernest  M.  Scheuer 
Management  Science  Department 
San  Fernando  State  College 
Northridge,  California   91324 

Professor  D.  R.  Cox 
Imperial  College 
Exhibition  Road 
London  SW  7 ,  England 

Professor  Zvi  Zeigler 

Israel  Institute  of  Technology,  Technion 

Haifa,  Israel 

Professor  Samuel  Karlin 
Mathematics  Department 
Weizmann  Institute  of  Science 
Rehovot ,  I sr ael 

Professor  Chin  Long  Chiang 
Division  of  Biostatistics 
University  of  California 
Berkeley,  California   94720 

Professor  G.  J.  Liebermann 
Department  of  Operations  Research 
Stanford  University 
Stanford,  California   94305 

Professor  A.  W.  Marshall 
Department  of  Statistics 
University  of  Rochester 
Rochester,  New  York   14627 

Professor  Lucien  Le  Cam 

Centre  de  Recherches  Mathematiques 

Universite  de  Montreal 

Case  postale  6128,  Montreal  101,  Canada 


25 


Dr.  Bruce  J.  McDonald 
Office  of  Naval  Research 
Arlington,  Virginia   22217 

Dr.  B.  H.  Colvin 
Applied  Mathematics  Division 
National  Bureau  of  Standards 
Washington,  D.  C.    20234 

Dr.  Guil  Hollingsworth 
Technical  Director 
Naval  Air  Development  Center 
Warminster,  Pennsylvania   18974 

Professor  Nozer  D.  Singpurwalla 
Operations  Research  Department 
George  Washington  University 
Washington,  D.  C.    20006 

Professor  J.  Keilson 
Department  of  Statistics 
University  of  Rochester 
Rochester,  New  York   14627 

Technical  Library 
Naval  Ordnance  Station 
Indian  Head,  Maryland   20640 

Dr.  Bill  Mitchell 

Department  of  Management  Sciences 
School  of  Business  and  Economics 
California  State  University 
Hayward,  California   94542 

Dr.  K.  T.  Wallenius 
Office  of  Naval  Research 
Arlington,  Virginia    22217 

CDR  A.  E.  Dorsey  SP1141 
Strategic  Systems  Project  Office 
Department  of  the  Navy 
Washington,  D.  C.    20390 

Mr.  D.  Rubinstein 

National  Institutes  of  Health 

Bethesda,  Maryland   20014 

Dr.  Z.  A.  Lomnicki 
The  Stone  House ,  Oaken  Lanes 
Oaken,  Codsall 
Staffordshire,  England 


26 


Department  of  Mathematics 
Naval  Postgraduate  School 
Monterey,  California   93940 

Professor  W.  M.  Woods  53Wo  1 

Professor  T.  Jayachandran  53Jy  1 

Professor  P.  C.  C.  Wang  53Wf  1 

Department  of  Operations  Research 

and  Administrative  Sciences 
Naval  Postgraduate  School 
Monterey,  California   93940 

1 
1 
1 
1 
1 
1 
1 
1 
1 
CDR  R.  A.  Stephan  55Xd  1 

LCDR  W.  J.  Hayne  10 

OR/AS  Department 

Naval  Postgraduate  School 

Monterey,  California   93940 

Professor  J.  D.  Esary  10 

Department  of  Operations  Research 

and  Administrative  Sciences 
Naval  Postgraduate  School 
Monterey,  California    93940 


Professor 

D. 

R. 

Barr  55Bn 

Professor 

R. 

W. 

Butterworth  55Bd 

Professor 

D. 

P. 

Gaver  55Gv 

Professor 

M. 

B. 

Kline  55Kx 

Professor 

H. 

J. 

Larson  55La 

Professor 

P. 

A. 

W.  Lewis  55Lw 

Professor 

K. 

T. 

Marshall  55Mt 

Professor 

P. 

R. 

Milch  55Mh 

Professor 

R. 

R. 

Read  55Re 

UNCLASSIFIED 


SECURITY   CLASSIFICATION   OF   THIS  PAGE  (When  Data  Entered) 


27 


REPORT  DOCUMENTATION  PAGE 


READ  INSTRUCTIONS 
BEFORE  COMPLETING  FORM 


1.     REPORT  NUMBER 


NPS55EY73091A 


2.  GOVT  ACCESSION  NO 


3.  RECIPIENTS  CATALOG  NUMBER 


4.     TITLE  (and  Subtitle) 


Properties  of  an  Approximate  Hazard 
Transform 


5.     TYPE  OF   REPORT   A   PERIOO  COVERED 

Technical   Report 


6.     PERFORMING  ORG.    REPORT   NUMBER 


7.     AuTHORfaJ 

J.  D.  Esary  and  W.  J.  Hayne 


8.  CONTRACT  OR  GRANT  NUMBERfaJ 

ONR-042-300 
TA  82415 


9.     PERFORMING  ORGANIZATION   NAME  AND  ADDRESS 

Naval  Postgraduate  School 
Monterey,  California   93940 


10.  PROGRAM  ELEMENT,  PROJECT,  TASK 
AREA  &  WORK  UNIT  NUMBERS 

PO  2-0251 
WR  3-5001 


11.     CONTROLLING  OFFICE  NAME  AND  ADDRESS 

Office  of  Naval  Research 


12.  REPORT  DATE 

September  1973 


U.     MONITORING  AGENCY  NAME  a    ADDRESSf//  different  from  Controlling  Office) 


13.  NUMBER  OF  PAGES 

30 


15.     SECURITY  CLASS,  (of  thie  report) 

Unclassified 


15a.     DECLASSIFICATION    DOWNGRADING 
SCHEDULE 


16.     DISTRIBUTION   ST ATEMENT  (of  thte  Report) 


Approved  for  public  release;  distribution  unlimited. 


17.     DISTRIBUTION  STATEMENT  (of  the  abetract  entered  In  Block  20,  If  different  from  Report) 


18.     SUPPLEMENTARY  NOTES 


19.     KEY  WORDS  (Continue  on  reveree  elde  It  neceeeary  and  Identify  by  block  number) 

Reliability  approximations,  hazard  transforms,  coherent  systems, 
simple  systems,  minimal  cuts 


20.     ABSTRACT  (Continue  on  reveree  elde  If  neceeeary  and  Identify  by  block  number) 

The  calculation  of  the  exact  reliability  of  complex  systems  is  a 
difficult  and  tedious  task.   Consequently  simple  approximating  techniques 
have  great  practical  value. 

The  hazard  transform  of  a  system  is  an  invertible  transformation 
of  its  reliability  function  which  is  convenient  and  useful  in  both 
applied  and  theoretical  reliability  work.   A  simple  calculus  for  finding 


DD  ,;XM71  1473 
(Page  1) 


UNCLASSIFIED 


EDITION  OF    1  NOV  65  IS  OBSOLETE 

S/N    010  2-014-6601   I  SECURITY  CLASSIFICATION  OF  THIS  PAGE  (Whan  Date  Entered) 


UNCLASSIFIED 


i'liCUHITY  CLASSIFICATION  OF  THIS  PAGEQVhTi  Dmtm  Entmrmd)  28 


Block  20  cont . 

an  approximate  hazard  transform  for  systems  formed  by  series  and 
parallel  combinations  of  components  is  extended  so  that  it  can  be 
used  for  any  coherent  system.   The  extended  calculus  is  shown  to 
lead  to  conservative  approximations. 

A  first  order  version  of  the  extended  calculus  is  also 
discussed.   This  method  of  approximation  is  even  more  simple  to 
use,  but  is  not  always  conservative.   Examples  of  its  application 
indicate  that  it  is  capable  of  giving  quite  accurate  results. 


DD  Form   1473     (BACK)  .„T.Tm 

1  Jan  73  UNCLASSIFIED 

S/N      0102-014-6601  SECURITY  CLASSIFICATION  OF  THIS  PAGEfWhrnn  Dmtm  Entmrmd) 


ot  .5  Op 


DUDLEY  KNOX  LIBRARY  -  RESEARCH  REPORTS 

5  6853  01057942  8 


